ISF: For Most Orgs, Threat Intelligence Fails to Deliver

Only a quarter of organizations with threat intelligence capabilities feel that it’s delivering on business objectives.

Threat intelligence, i.e., information about past, present and predicted attacks against an organization from adversarial threats, is meant to help companies manage cyber-risk and enable actions that prepare the organization to react to threats today and in the future.

“While threat intelligence seldom leads to control over adversaries, it enables the organization to make more informed decisions in the areas it does control, the vulnerabilities and associated business impact,” said Steve Durbin, managing director, Information Security Forum (ISF).

However, the ISF Threat Intelligence: React and Prepare report found that threat intelligence is failing to deliver on its promise.

While 82% of ISF members surveyed have a threat intelligence capability (with the remaining 18% planning to implement one in the next 12 months), only 25% of those surveyed believe it’s doing everything that it should.

According to ISF, five common problems are at fault, and the report lays out ways to remedy them. First, there is no common understanding of threat intelligence. In fact, 90% said they would benefit from a single definition.

Secondly, the skills shortage is also impacting this sector. Only 8% said that they can find all the skills required for their threat intelligence capability, with the largest gaps being in identifying business implications and performing analysis.

Third, organizations are struggling to integrate threat intelligence into their decision making. Only 7% have achieved considerable integration and none have done so “fully.”

Fourth, organizations are also struggling to manage their threat intelligence capability, with only 32% using a formal process.

And finally, organizations are unsure how practical considerations (organizational structures, use of technology, collaboration and sharing, and opportunities to outsource) can affect their threat intelligence capability.

“While organizations continue to rely on well-established security practices, many are seeking additional ways to keep pace with the increasing torrent of attacks,” said Durbin. “To efficiently manage cyber-risks, organizations must build an accurate view of the threats they face—their capabilities, intentions and actions—and respond accordingly. Many organizations are looking to threat intelligence for this view of their adversaries, but often find it to be ill-defined, costly to buy or produce, and difficult to integrate into decision making. This leads to a failure to deliver the expected business aims.”
